SI-4041 Add SSL support for netty server, deprecate HttpNettyServerFactory(use HttpNettyServerBuilder)

RB=1188873
BUG=SI-4041
G=si-core-reviewers
R=ssheng
A=ssheng

Author: dengpan-yin

r2-int-test/src/test/java/test/r2/integ/AbstractEchoServiceTest.java

@@ -54,9 +54,10 @@ public abstract class AbstractEchoServiceTest
   private final String _toClientKey = "to-client";
   private final String _toClientValue = "this value goes to the client";
 
-  protected Client _client;
+  protected final static String ECHO_MSG = "This is a simple echo message";
 
-  private Server _server;
+  protected Client _client;
+  protected Server _server;
 
   private CaptureWireAttributesFilter _serverCaptureFilter;
   private CaptureWireAttributesFilter _clientCaptureFilter;
@@ -66,55 +67,35 @@ public abstract class AbstractEchoServiceTest
   @BeforeClass
   protected void setUp() throws Exception
   {
-    _serverCaptureFilter = new CaptureWireAttributesFilter();
-    _clientCaptureFilter = new CaptureWireAttributesFilter();
-
-    _serverLengthFilter = new LogEntityLengthFilter();
-    _clientLengthFilter = new LogEntityLengthFilter();
-
-    SendWireAttributeFilter serverWireFilter = new SendWireAttributeFilter(_toClientKey, _toClientValue, false);
-    SendWireAttributeFilter clientWireFilter = new SendWireAttributeFilter(_toServerKey, _toServerValue, true);
-
-    final FilterChain serverFilters = FilterChains.empty()
-            .addFirstRest(_serverCaptureFilter)
-            .addLastRest(_serverLengthFilter)
-            .addLastRest(serverWireFilter)
-            .addFirst(_serverCaptureFilter)
-            // test adapted rest filter works fine in rest over stream setting
-            .addLast(StreamFilterAdapters.adaptRestFilter(_serverLengthFilter))
-            .addLast(serverWireFilter);
-
-    final FilterChain clientFilters = FilterChains.empty()
-            .addFirstRest(_clientCaptureFilter)
-            .addLastRest(_clientLengthFilter)
-            .addLastRest(clientWireFilter)
-            .addFirst(_clientCaptureFilter)
-            // test adapted rest filter works fine in rest over stream setting
-            .addLast(StreamFilterAdapters.adaptRestFilter(_clientLengthFilter))
-            .addLast(clientWireFilter);
+    final FilterChain clientFilters = getClientFilters();
+    final FilterChain serverFilters = getServerFilters();
 
     _client = createClient(clientFilters);
-
     _server = createServer(serverFilters);
     _server.start();
   }
 
   @AfterClass
   protected void tearDown() throws Exception
+  {
+    tearDown(_client, _server);
+  }
+
+  protected void tearDown(Client client, Server server) throws Exception
   {
     final FutureCallback<None> callback = new FutureCallback<None>();
-    _client.shutdown(callback);
+    client.shutdown(callback);
 
     try
     {
       callback.get();
     }
     finally
     {
-      if (_server != null)
+      if (server != null)
       {
-        _server.stop();
-        _server.waitForStop();
+        server.stop();
+        server.waitForStop();
       }
     }
   }
@@ -272,10 +253,42 @@ public void testFilterChainOnException() throws Exception
     Assert.assertNull(_clientCaptureFilter.getResponse().get(_toServerKey));
   }
 
+  protected FilterChain getClientFilters()
+  {
+    _clientCaptureFilter = new CaptureWireAttributesFilter();
+    _clientLengthFilter = new LogEntityLengthFilter();
+    final SendWireAttributeFilter clientWireFilter = new SendWireAttributeFilter(_toServerKey, _toServerValue, true);
+
+    return FilterChains.empty()
+        .addFirstRest(_clientCaptureFilter)
+        .addLastRest(_clientLengthFilter)
+        .addLastRest(clientWireFilter)
+        .addFirst(_clientCaptureFilter)
+        // test adapted rest filter works fine in rest over stream setting
+        .addLast(StreamFilterAdapters.adaptRestFilter(_clientLengthFilter))
+        .addLast(clientWireFilter);
+  }
+
+  protected FilterChain getServerFilters()
+  {
+    _serverCaptureFilter = new CaptureWireAttributesFilter();
+    _serverLengthFilter = new LogEntityLengthFilter();
+    final SendWireAttributeFilter serverWireFilter = new SendWireAttributeFilter(_toClientKey, _toClientValue, false);
+
+    return FilterChains.empty()
+        .addFirstRest(_serverCaptureFilter)
+        .addLastRest(_serverLengthFilter)
+        .addLastRest(serverWireFilter)
+        .addFirst(_serverCaptureFilter)
+        // test adapted rest filter works fine in rest over stream setting
+        .addLast(StreamFilterAdapters.adaptRestFilter(_serverLengthFilter))
+        .addLast(serverWireFilter);
+  }
+
   protected abstract EchoService getEchoClient(Client client, URI uri);
 
   protected abstract Client createClient(FilterChain filters) throws Exception;
 
-  protected abstract Server createServer(FilterChain filters);
+  protected abstract Server createServer(FilterChain filters) throws Exception;
 
 }

r2-int-test/src/test/java/test/r2/integ/AbstractTestHttps.java

@@ -21,14 +21,9 @@
 import com.linkedin.r2.sample.echo.rest.RestEchoClient;
 import com.linkedin.r2.transport.common.Client;
 import com.linkedin.r2.transport.common.Server;
-import com.linkedin.r2.transport.common.bridge.client.TransportClient;
-import com.linkedin.r2.transport.common.bridge.client.TransportClientAdapter;
-import com.linkedin.r2.transport.http.client.HttpClientFactory;
 import java.io.FileInputStream;
 import java.net.URI;
 import java.security.KeyStore;
-import java.util.HashMap;
-import java.util.Map;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
@@ -98,21 +93,11 @@ protected SSLContext getContext() throws Exception
   @Override
   protected Client createClient(FilterChain filters) throws Exception
   {
-    final Map<String, Object> properties = new HashMap<>();
-
-    SSLContext context = getContext();
-    properties.put(HttpClientFactory.HTTP_SSL_CONTEXT, context);
-    properties.put(HttpClientFactory.HTTP_SSL_PARAMS, context.getDefaultSSLParameters());
-
-    final TransportClient client = new HttpClientFactory.Builder()
-      .setFilterChain(filters)
-      .build()
-      .getClient(properties);
-    return new TransportClientAdapter(client, _clientROS);
+    return Bootstrap.createHttpsClient(filters, _clientROS, getContext(), null);
   }
 
   @Override
-  protected Server createServer(FilterChain filters)
+  protected Server createServer(FilterChain filters) throws Exception
   {
     return Bootstrap.createHttpsServer(_port, keyStore, keyStorePassword, filters, _serverROS);
   }

r2-int-test/src/test/java/test/r2/integ/TestHttpsEarlyHandshake.java

@@ -22,7 +22,7 @@
 import com.linkedin.r2.transport.http.client.common.ChannelPoolManagerFactoryImpl;
 import com.linkedin.r2.transport.http.client.common.ChannelPoolManagerKey;
 import com.linkedin.r2.transport.http.client.common.ChannelPoolManagerKeyBuilder;
-import com.linkedin.r2.transport.http.client.common.SslHandlerUtil;
+import com.linkedin.r2.transport.http.util.SslHandlerUtil;
 import io.netty.channel.Channel;
 import io.netty.channel.nio.NioEventLoopGroup;
 import io.netty.handler.ssl.SslHandler;

r2-int-test/src/test/java/test/r2/integ/TestNettyHttpsEcho.java

@@ -0,0 +1,189 @@
+/*
+   Copyright (c) 2018 LinkedIn Corp.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package test.r2.integ;
+
+import com.linkedin.common.callback.FutureCallback;
+import com.linkedin.r2.RemoteInvocationException;
+import com.linkedin.r2.filter.FilterChain;
+import com.linkedin.r2.sample.Bootstrap;
+import com.linkedin.r2.sample.echo.EchoService;
+import com.linkedin.r2.sample.echo.EchoServiceImpl;
+import com.linkedin.r2.sample.echo.rest.RestEchoClient;
+import com.linkedin.r2.sample.echo.rest.RestEchoServer;
+import com.linkedin.r2.transport.common.Client;
+import com.linkedin.r2.transport.common.Server;
+import com.linkedin.r2.transport.common.bridge.server.TransportDispatcher;
+import com.linkedin.r2.transport.common.bridge.server.TransportDispatcherBuilder;
+import com.linkedin.r2.transport.http.server.HttpNettyServerBuilder;
+import java.util.concurrent.TimeUnit;
+import org.testng.Assert;
+import org.testng.annotations.Factory;
+import org.testng.annotations.Test;
+import java.net.URI;
+
+
+/**
+ * @author Dengpan Yin
+ */
+public class TestNettyHttpsEcho extends AbstractTestHttps
+{
+  private static final int TEST_CASE_TIME_OUT = 10000;
+  private static final int CALL_BACK_TIME_OUT = 1000;
+
+  @Factory(dataProvider = "configs")
+  public TestNettyHttpsEcho(boolean clientROS, boolean serverROS, int port)
+  {
+    super(clientROS, serverROS, port);
+  }
+
+  @Override
+  protected Server createServer(FilterChain filters) throws Exception
+  {
+    return createHttpsServer(filters, _port);
+  }
+
+  protected TransportDispatcher getTransportDispatcher()
+  {
+    return new TransportDispatcherBuilder()
+        .addRestHandler(Bootstrap.getEchoURI(), new RestEchoServer(new EchoServiceImpl()))
+        .build();
+  }
+
+  protected Server createHttpServer(FilterChain filters, int port) throws Exception
+  {
+    final TransportDispatcher dispatcher = getTransportDispatcher();
+
+    return new HttpNettyServerBuilder().filters(filters).port(port).transportDispatcher(dispatcher).build();
+  }
+
+  protected Server createHttpsServer(FilterChain filters, int port) throws Exception
+  {
+    final TransportDispatcher dispatcher = getTransportDispatcher();
+
+    return new HttpNettyServerBuilder()
+        .port(port)
+        .filters(filters)
+        .transportDispatcher(dispatcher)
+        .sslContext(getContext()).build();
+  }
+
+  /**
+   * SSL disabled Netty server is able to process http request from SSL enabled netty client.
+   */
+  @Test(timeOut = TEST_CASE_TIME_OUT)
+  public void testInsecureServerProcessHttpRequestFromSecureClient() throws Exception
+  {
+    testInsecureServerProcessRequestFromSecureClient(true);
+  }
+
+  /**
+   * SSL disabled Netty server is unable to process https request from SSL enabled netty client
+   */
+  @Test(timeOut = TEST_CASE_TIME_OUT)
+  public void testInsecureServerProcessHttpsRequestFromSecureClient() throws Exception
+  {
+    testInsecureServerProcessRequestFromSecureClient(false);
+  }
+
+  /**
+   * SSL enabled Netty server is unable to process http request from SSL disabled netty client.
+   */
+  @Test(timeOut = TEST_CASE_TIME_OUT)
+  public void testSecureServerProcessHttpRequestFromInsecureClient() throws Exception
+  {
+    testSecureServerProcessRequestFromInsecureClient(true);
+  }
+
+  /**
+   * SSL enabled Netty server is unable to process https request from SSL disabled netty client.
+   */
+  @Test(timeOut = TEST_CASE_TIME_OUT)
+  public void testSecureServerProcessHttpsRequestFromInsecureClient() throws Exception
+  {
+    testSecureServerProcessRequestFromInsecureClient(false);
+  }
+
+  private void testInsecureServerProcessRequestFromSecureClient(boolean httpUri) throws Exception
+  {
+    final FilterChain filters = getServerFilters();
+    final Client client = createClient(filters);
+    final int port = _port + 1;
+    final URI uri = httpUri ? Bootstrap.createHttpURI(port, Bootstrap.getEchoURI()) : Bootstrap.createHttpsURI(port, Bootstrap.getEchoURI());
+    final EchoService echoClient = new RestEchoClient(uri, client);
+    final Server server = createHttpServer(filters, port);
+
+    try
+    {
+      server.start();
+      final FutureCallback<String> callback = new FutureCallback<String>();
+      echoClient.echo(ECHO_MSG, callback);
+
+      final String actual = callback.get(CALL_BACK_TIME_OUT, TimeUnit.MILLISECONDS);
+      if (httpUri)
+      {
+        Assert.assertEquals(actual, ECHO_MSG);
+      }
+      else
+      {
+        Assert.fail("Should have thrown an exception.");
+      }
+    }
+    catch (Exception e)
+    {
+      if (!httpUri)
+      {
+        Assert.assertTrue(e.getCause() instanceof RemoteInvocationException);
+      }
+      else
+      {
+        Assert.fail("Unexpected Exception:", e);
+      }
+    }
+    finally
+    {
+      tearDown(client, server);
+    }
+  }
+
+  private void testSecureServerProcessRequestFromInsecureClient(boolean httpUri) throws Exception
+  {
+    final FilterChain filters = getServerFilters();
+    final Client client = Bootstrap.createHttpClient(filters, _clientROS);
+    final int port = _port + 1;
+    final URI uri = httpUri ? Bootstrap.createHttpURI(port, Bootstrap.getEchoURI()) : Bootstrap.createHttpsURI(port, Bootstrap.getEchoURI());
+    final EchoService echoClient = new RestEchoClient(uri, client);
+    final Server server = createHttpsServer(filters, port);
+
+    try
+    {
+      server.start();
+      final FutureCallback<String> callback = new FutureCallback<String>();
+      echoClient.echo(ECHO_MSG, callback);
+
+      callback.get(CALL_BACK_TIME_OUT, TimeUnit.MILLISECONDS);
+      Assert.fail("Should have thrown an exception.");
+    }
+    catch (Exception e)
+    {
+      Assert.assertTrue(e.getCause() instanceof RemoteInvocationException);
+    }
+    finally
+    {
+      tearDown(client, server);
+    }
+  }
+}